A (Breach) Case for Account Takeover Prevention

February 5, 2019

You may have heard that a cache of 770 million email addresses and passwords was discovered recently on a popular hacking site. “The Guardian” reported on the discovery of the largest collection of breached data published to date in their January 17 article.

Discovered by security researcher Troy Hunt, who runs the Have I Been Pwned breach-notification service, the collection is a compilation of data breaches from thousands of different sources. In the article, Troy says, “In total, there are 1,160,253,228 unique combinations of email addresses and passwords, and . . . 21,222,975 unique passwords.”

We don’t want to feed fear by building on a consumer identity apocalypse narrative, but it does raise an important point: Account takeover protection is complex, and more than ever, essential.

Loyalty programs that ask users to log in with personal details are a powerful means for companies to engage customers and welcome them back, again and again. However, it only takes one fraudulent “incident” to ruin that hard-won trust.

Let’s explore how account takeover is an expanding and complex threat. In this type of fraud, a third party is able to access a user’s confidential online accounts. Beyond exploiting a victim’s personal information, there are many reasons why a criminal might take over an account. They can use that access to buy goods, withdraw funds, trade value between multiple accounts, or even access and create other accounts. Major damage can result for the consumer and the merchant. A consumer’s positive perceptions of a brand can shift and the brand is tainted.

That’s why it’s a best practice to protect customer accounts with the same diligence given to monetary transactions.

An account takeover can be launched with personal data, such as a password, account number, username, or social security number, or with combinations of this data. Sophisticated operations such as phishing schemes and botnets treat this information as a key and use it to begin unlocking the door.

Online merchants are responsible for a consumer’s journey through their site. Ensuring the consumer’s protection now extends to securing accounts with strategies that go beyond password protection.

Kount Access intelligently protects against account takeover by analyzing user behavior and device data against client-set risk thresholds to reach a decline, allow, or challenge decision. This analysis is delivered in milliseconds to support a friction-free experience for known customers, while fraudsters are sent away empty-handed.

While Hunt’s discovery of this 87GB collection is alarming, it does amplify the need for brands to heighten the safeguards that keep those within their tight-knit brand circle close.

Learn how Kount Access can help you protect your customers’ sensitive information. Schedule a demo with us.
